Cisco ASA 5500 Series Configuration Guide using the CLI
Appendix C Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
Figure C-11 Login Denied Message for AnyConnect Client User
Enforcing Logon Hours and Time-of-Day Rules
The following example shows how to configure and enforce the hours during which a clientless SSL user
(such as a business partner) is allowed to access the network.
On the AD server, use the Office field, which is stored in the physicalDeliveryOfficeName attribute, to
enter the name of the partner. Then create an attribute map on the ASA that maps that attribute
to the Cisco attribute Access-Hours. During authentication, the ASA retrieves the value of
physicalDeliveryOfficeName and maps it to Access-Hours.
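The ASA side of this mapping, as an added configuration sketch that is not taken from this page of the guide. Access-Hours expects the name of a time range defined on the ASA, so the string entered in the Office field must match a time-range name; the names Partner, access_hours and LDAP_SRV, the hours, the interface and the address 192.0.2.10 are assumed placeholder values, and the LDAP server entry is assumed to be configured already.

```cisco
! Time range that the Access-Hours value refers to by name.
! The name "Partner" and the permitted hours are assumed values; the name
! must be identical to the string entered in the AD Office field.
time-range Partner
 periodic weekdays 09:00 to 17:00
!
! Attribute map: AD attribute on the left, Cisco attribute on the right.
! The map name access_hours is an assumed value.
ldap attribute-map access_hours
 map-name physicalDeliveryOfficeName Access-Hours
!
! Attach the map to the existing LDAP server entry.
! LDAP_SRV, the inside interface and 192.0.2.10 are placeholders.
aaa-server LDAP_SRV (inside) host 192.0.2.10
 ldap-attribute-map access_hours
```

Because the Office field is free text in AD, review who has write access to it: anyone who can edit that attribute can change which time range the ASA applies to the user.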
To configure the user attributes on the AD/LDAP server, perform the following steps:
Step 1 Select the user, and right-click Properties.
The Properties dialog box appears (see Figure C-12).
Step 2 Click the General tab.